Tracing Attack Sources Through a Packet Capture File

For packet capture files of the Global Defense Matched, Zone Attack Matched, or Zone Anomaly Matched type, you can obtain attack sources by tracing a packet capture file. Suspicious IP addresses can also be blacklisted for effective attack defense.

Prerequisites

The packet capture task of Global Defense Matched, Zone Attack Matched or Zone Anomaly Matched has been created and enabled.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. Click the Packet Capture File tab.
  3. Click the icon in the Operation column of a packet capture file to trace attack sources.

  4. On the Attack Tracing page, view the result of attack source tracing. For parameter settings, see Table 1.

    Table 1 Attack source tracing parameters

    Parameter                   Description
    Source IP Address           Indicates the source IP address of the attacker.
    Protocol Type               Indicates the protocol type of attack packets.
    Destination Port            Indicates the destination port of attack packets.
    Number of Attack Packets    Indicates the number of packets sent during attacks.

  5. Optional: Select one or more check boxes of attack records and click Add Items to Blacklist. Suspicious IP addresses are displayed in the blacklist of the Zone. The blacklist entries take effect only after being deployed on the device. For details on the deployment process, see Deploying the Defense Policy.

    Blacklist is enabled for Zones. Attack sources are traced for packets captured after Zone Attack Matched and Zone Anomaly Matched are enabled. Then the attack sources can be blacklisted.

  6. Click Close. Return to the Packet Capture File page.

Copyright © Huawei Technologies Co., Ltd.